Dutch police say they've managed to crack data held on a private server protected by end-to-end encryption, as part of an investigation into the alleged sale of secure BlackBerry devices linked to organized crime.
The country's national police service last week revealed it had analyzed 7TB of data that was partially encrypted with PGP privacy and authentication software on a Canada-based server.
Now with "access to 3.6 million encrypted messages within organized crime", the police said the information is being used in investigations into multiple crime rings involved in assassinations, armed robbery, drug trafficking, and money laundering.
Since last spring, the Dutch and Canadian police have been cooperating to identify customers of Netherlands-based tech company Ennetcom. Toronto police seized Ennetcom's main server last year and presented a copy of it to the Dutch police in September 2016.
Charging about €1,500 ($1,600) per device, Ennetcom sold custom PGP BlackBerry smartphones, often with the camera and microphone removed, offering end-to-end messaging encryption.
These custom PGP BlackBerry devices are strongly linked to organized crime rings, which rely on the encryption to theoretically thwart surveillance from the authorities.
The Netherlands Forensics Institute, together with the Dutch police, has been using a dedicated, forensic search engine called Hansken to analyze the BlackBerry messages' metadata, which was not encrypted.
By the end of last year, the Dutch police were able to identify more than 1,000 users of Ennetcom's custom BlackBerry devices and their aliases.
Despite its hack on Ennetcom's server, the Dutch are generally known for supporting a citizen's right to privacy.
In December 2015, the Dutch government voted to give financial support to three open-source programs to improve data security across the web at a time when other countries were pressuring large tech companies to grant national governments special access, or backdoors, to their customers' data.
But the Dutch police have been pushing forward on with its own digital strategies that could be used to breach privacy without the tech companies' help.
In addition to its strategies in the Ennetcom hack, the police force now exploits zero-day bugs, in a similar fashion to the methods allegedly exposed by the recent CIA leaks, for official investigations without involving tech manufacturers.